CVE-2024-38510

high

Description

A privilege escalation vulnerability was discovered in the SSH captive command shell interface that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads.

References

https://support.lenovo.com/us/en/product_security/LEN-156781

Details

Source: Mitre, NVD

Published: 2024-07-26

Updated: 2026-04-15

Risk Information

CVSS v2

Base Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:P

Severity: High

CVSS v3

Base Score: 7.2

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H